Version 1.8. This version is supported as outlined in the Anthos version support policy, offering the latest patches and updates for security vulnerabilities, exposures, and issues impacting Anthos clusters on VMware (GKE on-prem). Refer to the release notes for more details. This is the most recent version.

Using containerd for the container runtime

The container runtime is software that is responsible for managing containers and container images on a Kubernetes node. Containerd is a CNCF (Cloud Native Cloud Foundation) graduated container runtime. It supports Kubernetes natively, and is considered more resource efficient and secure than the Docker Engine for Kubernetes. Until Kubernetes 1.20, Docker Engine was the primary container runtime. However, Dockershim, the Docker Engine integration code in Kubernetes, was deprecated in Kubernetes 1.20, and will be removed in Kubernetes 1.24. Thus, Anthos clusters on VMware (GKE on-prem) users should plan to use containerd for their container runtime as soon as possible.

Support for Containerd in Anthos clusters on VMware admin cluster nodes

In Anthos clusters on VMware 1.8, the admin cluster uses containerd on all nodes: the admin master node, admin addon nodes and user master nodes. This applies to both new admin clusters and existing admin clusters upgraded from 1.7.x.

Support for Containerd in Anthos clusters on VMware user cluster nodes

Anthos clusters on VMware 1.8 introduces a new ubuntu_containerd OS image type. The ubuntu_containerd OS image type uses the identical OS image as ubuntu, but the node is configured to use containerd as the container runtime instead of Docker Engine.

In version 1.8, the ubuntu_containerd OS image type is used for a new node pool by default if osImageType if not specified. However, if you upgrade an existing node pool from v1.7.x, the node pools will continue to use the Docker Engine after the upgrade.

If you want to continue using the Docker Engine for a new node pool, starting with version 1.8, you must explicitly specify ubuntu as the osImageType. As Docker Engine support will be removed in Kubernetes 1.24, you should plan to convert your node pools to use the ubuntu_containerd OS image type.

Update osImageType used by a node pool

See Update the osImageType of a node pool.

Migration from Docker Engine to containerd

These resources provide general information about migrating from Docker Engine to containerd.

Checking the node image type

You can check which image type is used for existing nodes.

To check with kubectl:

kubectl get nodes -o wide --kubeconfig ADMIN_CLUSTER_KUBECONFIG

where:

  • ADMIN_CLUSTER_KUBECONFIG is the path of the kubeconfig file for your admin cluster.

The output is similar to the following:

NAME ...  OS-IMAGE ...         CONTAINER-RUNTIME
node-1    Ubuntu 18.04.5 LTS   containerd://1.4.3
node-2    Ubuntu 18.04.5 LTS   containerd://1.4.3
node-3    Ubuntu 18.04.5 LTS   containerd://1.4.3

The column CONTAINER-RUNTIME outputs the runtime and its version.

To check within the node, run:

sudo crictl version

The output is similar to the following:

Version:  0.1.0
RuntimeName:  containerd
RuntimeVersion:  1.4.3-0ubuntu0~18.04.1
RuntimeApiVersion:  v1alpha2